Malicious key generation (keygen) software is one of the fastest-growing types of a malware, according to the latest Microsoft Security Intelligence Report (SIR).
In the past year, malicious keygen software has increased from a million detected instances to five million – and 26 times as frequent as the first half of 2010, when this type of malware was first detected.
In the first half of 2012, malicious keygen software escalated rapidly above malware exploiting the Win32 Autorun vulnerability, to establish itself as the top malware family.
Some 76% of this malware is linked to other malware, Tim Rains, director of Microsoft Trustworthy Computing told Computer Weekly, underlining the need for user awareness as a first line of defence.
Keygen software typically generates a licensing key, serial number or some other registration information necessary to activate a software application.
Attackers are using this kind of software to lure people who are seeking to activate unlicensed copies of popular software, particularly Adobe Photoshop, Autocad and Nero Multimedia, said Rains.
Malicious keygen software, which relies heavily on social engineering, was among the top 10 threats of a handful of countries in 2010, but now features in the top 10 of 98% of regions featured in the SIR.
Researchers have even seen instances of malicious links for downloading free software such as Adobe Flash.
“It is always safer to go directly to software makers rather than through third parties,” said Rains.
Similarly, he said, web users should be wary of free music or video because these are popular ways used by cyber criminals to trick people into downloading malware or lure them onto compromised sites.
Ensuring that all software, including browsers, are up to date to include the latest security is an important basic step in protecting against drive-by infections from compromised websites, said Rains.
Another trend highlighted by SIR volume 13, is that vulnerability disclosures across the software industry in the first half of 2012 were up 11.3% from the second half of 2011.
Vulnerabilities are weaknesses in software that enable an attacker to compromise the integrity, availability or confidentiality of the software or the data it processes.
“We have seen a gradual decline since 2008, but now there is this sudden increase, mostly in web and line-of-business applications rather than operating systems and browsers,” said Rains.
Known exploits feature in the top 10 threats in many countries, including the UK, which means that it has never been more important to patch applications with security updates than now, he said.
The top 10 threats in the UK include three exploits, which is on the high side said Rains. These are the Blacole or Blackhole exploit kit, Java exploits and .pdf exploits.
“Attackers continue to take advantage of organisations that are failing to update all the software they are using,” said Rains.
Conficker also remains a top threat for both the consumer and enterprise markets, he said, despite the fact that there have been no new variants in over four years.
The main method of propagation is using common or default passwords like “password123” or abusing vulnerabilities in Win 32 Autorun.
But simply by implementing complex passwords throughout and updating to the latest Windows operating system (OS), businesses can go a long way to blocking further Conficker infections, said Rains.
The best primary form of defence remains keeping software up to date, he said, although enterprises should ensure they are using Microsoft update rather than Windows update to ensure that all Microsoft products are updated automatically, and not just the OS.